The last year has seen its fair share of high-profile breaches resulting from cyber-attacks across several healthcare organizations. These breaches have impacted literally millions of individuals and caused much alarm throughout the healthcare industry. Such massive breaches, however, are not limited to the healthcare industry (e.g. the SONY attack); cyber-attacks are a problem for all types of industries.
HIMSS Cyber Security Survey (2015)
Recently, 297 individuals completed the 2015 HIMSS Cyber Security Survey to help gauge both awareness and readiness in relation to the ever-growing number of security breaches and cyber-attacks regularly observed today. Each of the respondents had at least some level of responsibility for information security within their organization, and they reported that:
- They use an average of 11 different technologies to secure their environments
- More than half indicated that their organizations have hired a professional to manage information security functions
- 87% of respondents indicated an increased priority to their information security over the past year
In addition, respondents also indicated that they’ve improved security in the following areas:
- Security posture
- Network security capabilities
- Endpoint protection
- Data loss prevention
- Disaster recovery
However, despite the protective technologies implemented within healthcare organizations, respondents still reported that their confidence in their organization’s ability to protect data was about average. Respondents held the most confidence in their organization’s ability to defend against brute force attacks, while confidence in its ability to protect against a zero-day attack ranked the lowest. Two thirds of respondents indicated that their healthcare organization had experienced at least one significant security incident in the past.
Healthcare organizations must operate from a perspective which presumes their perimeter has already been breached…
The majority of respondents reported that they felt today’s security tools will not be able to sufficiently protect the industry against the wide range of security threats that their organizations expect to face in the future. In addition, they indicated that healthcare organizations should operate from a perspective which presumes their organization’s perimeter has already been breached. In fact, more than 50% agreed that cross-sector cyber threat information sharing is beneficial to their organization. They also revealed that they were most likely to be concerned about negligent insiders, phishing attacks, and advanced persistent attacks.
Additional key survey results indicated the following:
- Healthcare organizations continue to rely on technologies such as anti-virus software, firewalls, and data encryption to secure their IT environments
- Respondents were less likely to report their organizations used multi-factor digital identity, biometric technologies, and dark web research
- Respondents were most likely to report the use of risk assessment and vulnerability scans to assess security
- Security incidents at respondents’ healthcare organizations were identified by an internal resource (such as an internal security team)
Respondents also said that their top motivators for improving information security environments stemmed from the results of risk assessments, as well as concerns about phishing attacks and malware/viruses.
Respondents reported a high degree of concern in regard to insider threat factors
More than half of respondents reported that external organizations were called in to investigate their security incidents, while the other half reported that security incidents were addressed solely through an internal investigation. Most of the respondents blamed lack of staffing and financial resources as key security barriers within their organization, while 42% indicated that there were just too many new and emerging threats to keep track of.
If you’re having trouble keeping on top of emerging threats and staying ahead of evolving regulation requirements, you need to work with an experienced team of IT professionals who know what they’re doing. Otherwise, you’re spending more time stressing about protecting confidential data than you’re spending focused on the health of your patients.
Veltec Networks knows healthcare organizations are under a lot of pressure to stay safe against cybercrime, which is why we:
- Safeguard protected health information with comprehensive security measures, such as email encryption, user authentication, firewalls, anti-virus software, and more.
- Help you maintain compliance with HIPAA through regular security audits/risk assessments designed to find vulnerabilities and implement the appropriate safeguards.
- Plan for the adoption of EHR/EMR technology in order to help you qualify for financial rewards from Stage 2 of Meaningful Use while operating in a more efficient manner.
Start maintaining compliance and focusing on the health of your patients. Veltec Networks is here to help. Call (408) 849-4441 or email us at info@veltecnetworks.com to find out more about our managed IT services for healthcare organizations in San Jose.